Vulnerability

tripwire.com

Find a Playstation 4 vulnerability and earn over $50,000

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network?

You could be heading towards a sizeable sum of money, after Sony announced details of its new bug bounty program. Just be sure to play by the rules…

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Credit-card skimming malware hit websites as Coronavirus lockdown forced retailers to close high street stores

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

bitdefender.com

Your “smart” household appliance might have a short lifespan

Are you itching for an internet fridge? Hankering for a smart washing machine? Thirsting for an IoT-enabled thermostat?

Well, think twice before you make a potentially costly mistake when deciding what appliance you will be next be purchasing for your home.

Read more in my article on the Bitdefender BOX blog.

bitdefender.com

Pablo Escobar’s brother says FaceTime flaw revealed his address, sues Apple for a publicity stunt (and $2.6 billion)

As YouTubers warn the public not to buy smartphones from Escobar Inc, the notorious drug lord’s brother orchestrates a publicity stunt.

Read more in my article on the Hot for Security blog.

Mitsubishi hackers may have stolen details of prototype missile

Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric.

Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile.

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

tripwire.com

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.

This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

tripwire.com

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

Read more in my article on the Tripwire State of Security blog.

Ghost blogging platform suffers security breach

Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers.

bitdefender.com

A GIF image could have let hackers hijack Microsoft Teams at your firm

A critical vulnerability has been patched in the Microsoft Teams work collaboration platform after security researchers discovered a way in which hackers could compromise accounts and steal data with a seemingly harmless .GIF image.

Read more in my article on the Bitdefender Business Insights blog.

Hackers’ malicious script skimmed credit card details off Robert Dyas website

UK DIY, electricals, and houseware chain Robert Dyas has revealed that malicious code on Robert Dyas’s payment page was secretly skimming the credit card details of customers and sending them to hackers.

bitdefender.com

Text ‘bomb’ crashes iPhones, iPads, Macs and Apple Watches – what you need to know

An innocent-looking message, containing characters in the Sindhi language, can cause your iPhone to crash without warning.

Read more in my article on the Hot for Security blog.

tripwire.com

A Zoom zero-day exploit is up for sale for $500,000

There are reportedly two zero-day vulnerabilities present in the latest versions of Zoom for Windows and macOS – and exploits for the unpatched flaws are being actively hawked to anyone who might be prepared to pay.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter

A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #172: UncleF***Face

Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he’s bought a Facebook Portal for his in-laws.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault.